About iWork and Box collaboration security

Learn how files are opened and accessed across Box and Apple servers when you collaborate on iWork documents stored in Box.

To facilitate iWork collaboration between users, documents must first be transferred to Apple servers. The documents are operated on in memory, and to optimize editing performance, they are also encrypted and cached. Box provides and secures the encryption keys that are used to protect cached documents.

To decrypt a cached document for further editing, Apple servers obtain the required encryption keys from Box via an access token, which is first passed to the iWork app and from there to Apple’s servers. This access token is valid for only 24 hours. If users are still working on the document, the access token is automatically renewed, except on the web where the token is never renewed. Box can refuse to grant access to encryption keys if the user is no longer authorized to work on the document.

Encrypted documents are cached on Apple servers for up to 28 days, at which point they are automatically deleted. Cached documents are only decrypted when a user has opened a shared iWork document or an iWork document on the web, and only if Box grants access to the required key.

To generate previews, documents are transferred to Apple servers. They are stored temporarily and are never cached.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.